Knowledge Base

The CCC command makes a secured control/command channel revert back to plaintext (un-secured). This feature helps to solve data connection problems in situations where all the conditions below are met:

Secure (SSL Explicit) connection to the remote server

Client behind a NAT router.

Control connection to port 21

Passive (PASV) data connections are not working (e.g. incoming connections blocked on the server side or FTP server behind a NAT)

If the Clear Control Connection (CCC) setting is enabled, the FTP client connects to the server, negotiates a secure connection, authenticates (sends user and password) and reverts back to plaintext.

To change the control connection protection in SmartFTP go to the Favorite Properties. Then go to the FTP - Connection - TLS dialog and change the Control Connection option.

Technical Background NAT routers automatically examine the PORT command sent through a control channel for un-secured control connections to the default FTP port (21) of the remote FTP server. This allows them to open an incoming port for the data connection, setup the routing/forwarding and rewrite the PORT IP with the external (WAN) IP address. If a secured connection (SSL) is made to a FTP server, the NAT router cannot interpret the data correctly as everything is encrypted. Therefore it cannot translate a PORT command and open the appropriate port for the expected incoming data connection. By sending a CCC command and further reverting back to plaintext the NAT router are once again able to translate the PORT commands.